TRANSCRIPT
![Page 1: 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall](https://reader035.vdocuments.us/reader035/viewer/2022062221/56649f265503460f94c3cef2/html5/thumbnails/1.jpg)
The Elements of Cryptography
Chapter 7
Panko, Corporate Computer and Network Security. Copyright 2004 Prentice-Hall
Figure 7-1: Cryptographic System
Client PC with cryptographic system software <-> Server with cryptographic system software
Secure communication is provided automatically once the system is in place:
- Confidentiality
- Authentication
- Message integrity
- Anti-replay protection
Figure 7-2: Plaintext, Encryption, Ciphertext, and Decryption
Party A: plaintext “Hello” -> encryption method and encryption key -> ciphertext “11011101”
Network: the ciphertext “11011101” crosses the network, where an interceptor can capture it
Party B: ciphertext “11011101” -> decryption method and decryption key -> plaintext “Hello”
Note: The interceptor cannot read the ciphertext without the decryption key.
Figure 7-3: Key Length and Number of Possible Keys

| Key Length in Bits | Number of Possible Keys (2^length) |
|---|---|
| 1 | 2 |
| 2 | 4 |
| 4 | 16 |
| 8 | 256 |
| 16 | 65,536 |
| 40 | 1,099,511,627,776 |
| 56 | 72,057,594,037,927,936 |
| 112 | 5,192,296,858,534,827,628,530,496,329,220,096 (about 5.19E+33) |
| 168 | about 3.74E+50 |
| 256 | about 1.16E+77 |
| 512 | about 1.34E+154 |

Notes: Keys of more than 100 bits (112 bits and up in the table) are considered strong symmetric keys today; keys of less than 100 bits (56 bits and below) are considered weak symmetric keys today. Each added bit doubles the work of an exhaustive search.
Public key/private key pairs must be much longer to be strong because of the disastrous consequences of learning someone’s private key and because private keys cannot be changed rapidly.
Key length measures only resistance to exhaustive search. It says nothing about weaknesses in the algorithm or its mode of use; 3DES with three independent keys, for example, has a 168-bit key but offers only about 112 bits of security because of the meet-in-the-middle attack.
Figure 7-4: Symmetric Key Encryption for Confidentiality
Party A: plaintext “Hello” -> encryption method and symmetric key -> ciphertext “11011101”
Network: the ciphertext crosses the network, where an interceptor can capture it
Party B: ciphertext “11011101” -> decryption method and the same symmetric key -> plaintext “Hello”
Note: A single key is used to encrypt and decrypt in both directions.
Figure 7-5: Data Encryption Standard (DES)
64-bit plaintext block + 64-bit DES symmetric key (56 key bits + 8 parity bits, so only 56 bits are secret) -> DES encryption process -> 64-bit ciphertext block
Figure 7-6: DES-CBC (DES-Cipher Block Chaining)
First 64-bit plaintext block XOR initialization vector (IV) -> DES encryption process (DES key) -> first 64-bit ciphertext block
Second 64-bit plaintext block XOR first 64-bit ciphertext block -> DES encryption process (same DES key) -> second 64-bit ciphertext block
Each later block is chained to the ciphertext block before it in the same way, so two identical plaintext blocks do not produce identical ciphertext blocks. The IV need not be secret, but it must be unpredictable and must not be reused with the same key.
Figure 7-7: Triple DES (3DES)

168-bit encryption with three 56-bit keys (encrypt-decrypt-encrypt):
Sender: (1) encrypts the plaintext with the 1st key; (2) decrypts the output of the first step with the 2nd key; (3) encrypts the output of the second step with the 3rd key; this gives the ciphertext to be sent.
Receiver: (1) decrypts the ciphertext with the 3rd key; (2) encrypts the output of the first step with the 2nd key; (3) decrypts the output of the second step with the 1st key; this gives the original plaintext.

112-bit encryption with two 56-bit keys:
Sender: encrypts the plaintext with the 1st key; decrypts the output with the 2nd key; encrypts the output with the 1st key.
Receiver: decrypts the ciphertext with the 1st key; encrypts the output with the 2nd key; decrypts the output with the 1st key.

56-bit encryption with one 56-bit key (for compatibility with receivers who can handle only normal DES):
Sender: encrypts the plaintext with the key; decrypts the output with the same key, which undoes the first step; encrypts the output with the key again. The result is ordinary single-DES ciphertext.
Receiver: decrypts the ciphertext with the key (a normal DES receiver stops here); a 3DES receiver encrypts and then decrypts again with the same key, which comes to the same thing.

Note: The nominal key lengths overstate the strength. Three-key 3DES resists only about 2^112 work (meet-in-the-middle), two-key 3DES is weaker still when the attacker holds many known plaintexts, and both are limited by the 64-bit block size.
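The chaining of Figure 7-6 and the three keying options of Figure 7-7, worked through in Go as an added example (this is not code from the textbook). It uses the Go standard library's DES implementation, which exists for compatibility only; the 8-byte keys and the repeated-block message are constructed for the demonstration, and a new design would use AES in an authenticated mode rather than DES-CBC.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad extends data to a whole number of blocks. The figures show whole
// 64-bit blocks; real messages need padding before CBC can be applied.
func pkcs7Pad(data []byte, size int) []byte {
	n := size - len(data)%size
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(data []byte, size int) ([]byte, error) {
	if len(data) == 0 || len(data)%size != 0 {
		return nil, errors.New("data is not a whole number of blocks")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > size || !bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return data[:len(data)-n], nil
}

// cbcEncrypt is Figure 7-6: each plaintext block is XORed with the previous
// ciphertext block (the IV for the first block) before the block cipher runs.
// A fresh random IV is drawn per message and sent in front of the ciphertext.
func cbcEncrypt(block cipher.Block, plaintext []byte) ([]byte, error) {
	size := block.BlockSize()
	iv := make([]byte, size)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, size)
	out := make([]byte, size+len(padded))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[size:], padded)
	return out, nil
}

func cbcDecrypt(block cipher.Block, ciphertext []byte) ([]byte, error) {
	size := block.BlockSize()
	if len(ciphertext) < 2*size || len(ciphertext)%size != 0 {
		return nil, errors.New("ciphertext too short or not block aligned")
	}
	plain := make([]byte, len(ciphertext)-size)
	cipher.NewCBCDecrypter(block, ciphertext[:size]).CryptBlocks(plain, ciphertext[size:])
	return pkcs7Unpad(plain, size)
}

// tripleDES builds the encrypt-decrypt-encrypt cipher of Figure 7-7 from
// three 8-byte DES keys. Pass k3 == k1 for the two-key (112-bit) variant and
// k1 == k2 == k3 for the single-key compatibility variant.
func tripleDES(k1, k2, k3 []byte) (cipher.Block, error) {
	key := make([]byte, 0, 24)
	key = append(append(append(key, k1...), k2...), k3...)
	return des.NewTripleDESCipher(key)
}

// singleKeyMatchesDES checks the compatibility claim of Figure 7-7: under one
// key K, E_K(D_K(E_K(x))) is just E_K(x), so a plain DES receiver can read it.
func singleKeyMatchesDES(key, block []byte) (bool, error) {
	single, err := des.NewCipher(key)
	if err != nil {
		return false, err
	}
	triple, err := tripleDES(key, key, key)
	if err != nil {
		return false, err
	}
	a, b := make([]byte, 8), make([]byte, 8)
	single.Encrypt(a, block)
	triple.Encrypt(b, block)
	return bytes.Equal(a, b), nil
}

// ecbRepeats shows why chaining matters: fed directly to the block cipher
// (ECB), two equal plaintext blocks give two equal ciphertext blocks.
func ecbRepeats(block cipher.Block, first, second []byte) bool {
	a, b := make([]byte, block.BlockSize()), make([]byte, block.BlockSize())
	block.Encrypt(a, first)
	block.Encrypt(b, second)
	return bytes.Equal(a, b)
}

func main() {
	// Constructed sample keys; in practice every key comes from a CSPRNG.
	tdes, err := tripleDES([]byte("key1key1"), []byte("key2key2"), []byte("key3key3"))
	if err != nil {
		panic(err)
	}
	msg := bytes.Repeat([]byte("Hello!!!"), 3) // three identical 64-bit blocks
	ct, _ := cbcEncrypt(tdes, msg)
	pt, _ := cbcDecrypt(tdes, ct)
	fmt.Println("round trip ok:", bytes.Equal(pt, msg))
	fmt.Println("equal blocks leak in ECB:", ecbRepeats(tdes, msg[:8], msg[8:16]))
	fmt.Println("equal blocks leak in CBC:", bytes.Equal(ct[8:16], ct[16:24]))
}
```

The ECB comparison is the reason Figure 7-6 exists: without chaining, repeated plaintext blocks are visible in the ciphertext. CBC on its own still gives no integrity; an attacker who flips a ciphertext bit flips the corresponding plaintext bit in the next block, which is why modern designs pair the cipher with a MAC or use an authenticated mode.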
Figure 7-8: DES, 3DES, and AES

| | Key Length (bits) | Strength | Processing Requirements | RAM Requirements |
|---|---|---|---|---|
| DES | 56 | Weak | Moderate | Moderate |
| 3DES | 112 or 168 | Strong | High | High |
| AES | 128, 192, 256 | Strong | Modest | Modest |
Symmetric Key Encryption: RC4
RC4 is a stream cipher that accepts keys of variable length; the 40-bit keys used with it in early products were a result of export rules, and 40-bit encryption is very weak (see Figure 7-3).
Used in the initial Wired Equivalent Privacy (WEP) security for 802.11 with 40-bit keys (later 104-bit keys). WEP is broken regardless of key length: its short, reused initialization vectors combined with weaknesses in RC4’s key scheduling let an eavesdropper recover the key from captured traffic.
Figure 7-9: Public Key Encryption for Confidentiality
Party A to Party B: Party A encrypts the message with Party B’s public key; Party B decrypts it with Party B’s private key.
Party B to Party A: Party B encrypts the message with Party A’s public key; Party A decrypts it with Party A’s private key.
Each direction uses the receiver’s key pair, so four keys are involved in a two-way dialog.
Figure 7-10: Strong Keys for Symmetric and Public Key Encryption

Strong symmetric keys:
- Limited damage if cracked, so they can be shorter
- Changed frequently, so they can be shorter
- 100 bits or more today; longer for high-value transactions; longer tomorrow as cracking power increases
- DES: 56 bits (weak), but 3DES uses 112-bit or 168-bit keys
- AES: key lengths of 128, 192, or 256 bits; yet it places a light load on processor and RAM, so it can be used by mobile devices
- IDEA: 128 bits

Strong public and private keys:
- Serious damage if cracked, so they must be longer
- Rarely changed, so they must be longer
- 1,024 or 2,048 bits for RSA encryption today
- 512 bits for ECC encryption today
- Longer tomorrow as cracking power increases

These figures are the book’s 2004 guidance. Today 1,024-bit RSA is considered too short and 2,048 bits is the minimum, while ECC keys are normally 256 bits (roughly matching a 128-bit symmetric key), so 512 bits is far more than needed.
Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol
Applicant (client, also called the supplicant) and verifier (server). Note: Both the client and the server know the client’s password.
1. The verifier creates a challenge message.
2. The verifier sends the challenge message to the applicant.
3. The applicant creates a response message:
   (a) adds the password to the challenge message;
   (b) hashes the resulting bit string (it does not encrypt it);
   (c) the hash is the response message.
4. The applicant sends the response message without encryption.
5. The verifier adds the password to the challenge message it sent and hashes the combination. This is the expected response message.
6. If the transmitted response and the expected response are equal, the applicant knows the password and is authenticated. The server logs the client in.
7. Note that only hashing is involved. There is no encryption.

This is the textbook’s schematic of challenge-response. Actual MS-CHAP (v1 and v2) derives the response from the MD4 hash of the password using DES operations on the challenge rather than by hashing challenge plus password, but the security property is the same: the password never crosses the network, yet anyone who captures a challenge/response pair can test password guesses offline, so the exchange is only as strong as the password.
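The exchange of Figure 7-11 with both sides in one Go program, added here as an example (not the textbook’s code and not Microsoft’s MS-CHAP implementation). It follows the figure’s schematic, hashing challenge plus password with SHA-256; the password and the candidate list are constructed for the demonstration, and the last function shows why the scheme is only as strong as the password.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Response is step 3 of Figure 7-11: append the password to the challenge
// and hash the result. Nothing is encrypted, and the output is always 32 bytes.
func Response(challenge []byte, password string) []byte {
	h := sha256.Sum256(append(append([]byte{}, challenge...), password...))
	return h[:]
}

// Verifier holds the shared secret and remembers which challenges it has
// issued, so that each challenge can be answered exactly once.
type Verifier struct {
	password    string
	outstanding map[string]bool
}

func NewVerifier(password string) *Verifier {
	return &Verifier{password: password, outstanding: map[string]bool{}}
}

// Challenge is steps 1-2: a fresh random challenge, recorded as outstanding.
func (v *Verifier) Challenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.outstanding[hex.EncodeToString(c)] = true
	return c, nil
}

// Check is steps 5-6: recompute the expected response and compare it in
// constant time. The challenge is consumed on first use, so a captured
// response cannot simply be replayed.
func (v *Verifier) Check(challenge, transmitted []byte) error {
	key := hex.EncodeToString(challenge)
	if !v.outstanding[key] {
		return errors.New("unknown or already-used challenge")
	}
	delete(v.outstanding, key)
	if subtle.ConstantTimeCompare(Response(challenge, v.password), transmitted) != 1 {
		return errors.New("response mismatch")
	}
	return nil
}

// OfflineGuess is what an eavesdropper who captured one challenge/response
// pair can do: try candidate passwords until one reproduces the response.
// No interaction with the server is needed, so rate limits do not help.
func OfflineGuess(challenge, captured []byte, candidates []string) (string, bool) {
	for _, guess := range candidates {
		if subtle.ConstantTimeCompare(Response(challenge, guess), captured) == 1 {
			return guess, true
		}
	}
	return "", false
}

func main() {
	v := NewVerifier("correct horse") // constructed shared secret
	c, _ := v.Challenge()
	r := Response(c, "correct horse")
	fmt.Println("first use accepted:", v.Check(c, r) == nil)
	fmt.Println("replay accepted:", v.Check(c, r) == nil)
	fmt.Println(OfflineGuess(c, r, []string{"password", "letmein", "correct horse"}))
}
```

The verifier never sees the password on the wire, which is the point of the design, but the offline guess shows the trade: a weak password is recovered from one captured exchange without touching the server again.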
Hashing
Hashing is a one-way function. It cannot be reversed: from the hash, you cannot compute the original message.
Hashing is repeatable: if two parties apply the same hashing method to the same bit string, they will get the same hash.
Figure 7-12: Encryption Versus Hashing

| | Encryption | Hashing |
|---|---|---|
| Use of key | Uses a key as an input to an encryption method | Key is usually added to the text; the two are combined, and the combination is hashed |
| Length of result | Output is similar in length to the input | Output is of a fixed short length, regardless of input |
| Reversibility | Reversible; ciphertext can be decrypted back to plaintext | One-way function; a hash cannot be “de-hashed” back to the original string |
Figure 7-13: Digital Signature for Message-by-Message Authentication

To create the digital signature (sender):
1. Hash the plaintext to create a brief message digest (MD); this is NOT the digital signature.
2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature (DS).
3. Transmit the plaintext + digital signature.
4. The plaintext and digital signature are encrypted with symmetric key encryption under the session key for confidentiality.

To test the digital signature (receiver):
5. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest.
6. Decrypt the digital signature with the sender’s public key (the true party’s public key). This also should give the message digest.
7. If the two are equal, the message is authenticated.

“Sign by encrypting with the private key” describes RSA. Other signature algorithms (DSA, ECDSA, EdDSA) do not encrypt the digest, but the flow is the same: hash, apply the private key operation, and let the verifier check the result with the public key. In every case the signature also gives message integrity, because any change to the plaintext changes the digest.
Figure 7-14: Public Key Deception
Verifier: must authenticate the True Person (TP).
Impostor: “I am the True Person.”
Impostor: “Here is TP’s public key.” (Sends the Impostor’s public key.) This is the critical deception.
Verifier: believes it now has TP’s public key.
Impostor: “Here is authentication based on TP’s private key.” (Really based on the Impostor’s private key.)
Verifier: believes the True Person is authenticated, because the authentication checks out under what it thinks is TP’s public key (really the Impostor’s public key).
Verifier: “True Person, here is a message encrypted with your public key.” The message is encrypted with the Impostor’s public key, so the Impostor can decrypt it.
The deception works because nothing ties the public key to the True Person’s identity; that binding is what digital certificates provide.
Figure 7-15: Important X.509 Digital Certificate Fields

| Field | Description |
|---|---|
| Version Number | Version number of the X.509 standard the certificate follows. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard. |
| Issuer | Name of the Certificate Authority (CA). |
| Serial Number | Unique serial number for the certificate, set by the CA. |
| Subject | The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party. |
| Public Key | The public key of the subject, that is, the public key of the true party. |
| Public Key Algorithm | The algorithm of the subject’s public key (for example, RSA), which determines how the subject’s signatures are verified and how messages are encrypted to the subject. |
| Valid Period | The “not before” and “not after” dates; the certificate should not be used outside this period. Note: A certificate may be revoked before the end of this period. |
| Digital Signature | The digital signature of the certificate, signed by the CA with the CA’s own private key. Provides authentication and certificate integrity. The user must know the CA’s public key independently, since a key supplied by the same untrusted channel could be an impostor’s. |
| Signature Algorithm Identifier | The digital signature algorithm the CA uses to sign its certificates. |
Figure 7-16: Digital Signature and Digital Certificate in Authentication
The digital certificate supplies the public key of the true party.
The digital signature is what is tested with the public key of the true party.
Authentication succeeds only when the signature checks out under the public key taken from the true party’s certificate.
Figure 7-17: Public Key Infrastructure (PKI) with a Certificate Authority
Participants: Applicant (Lee), Verifier (Brown), Verifier (Cheng), Certificate Authority / PKI Server.
1-2. The PKI server creates and distributes to Lee (1) a private key and (2) a digital certificate.
3. Verifier (Brown) requests the certificate for Lee.
4. The PKI server returns the certificate for Lee.
5. Verifier (Cheng) likewise obtains the certificate for Lee.
6. A verifier requests the Certificate Revocation List (CRL).
7. The PKI server returns a copy of the CRL, so the verifier can check that Lee’s certificate has not been revoked.
In most deployments the applicant generates the key pair itself and sends only the public key to the CA in a certificate signing request; the private key never leaves the applicant. A CA that generates and ships private keys, as drawn here, becomes a single point of compromise for every subject.
Certificate Authority (CA)
CAs were not regulated in any country when this was written (2004). Anyone can be a CA, even an organized crime syndicate.
Some, such as VeriSign, are widely trusted.
In practice a public CA is trusted because browser and operating system vendors include its root certificate in their trust stores; a certificate from a CA that is not in the verifier’s trust store is useless to an impostor.
Companies can be their own CAs: they assign keys and certificates to their internal computers. This gets around the need to trust public CAs.
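A miniature PKI in Go to show what the fields of Figure 7-15 and the roles of Figures 7-16 and 7-17 look like in practice, added here as an example (not the textbook’s code). The names “Corporate CA”, “Lee” and “Impostor CA” and the fixed 2004 clock are constructed for the demonstration; it uses the standard library’s crypto/x509, and the applicant generates its own key pair, which is the usual arrangement rather than the one drawn in Figure 7-17.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// template fills the Figure 7-15 fields the subject side controls: serial
// number, subject, validity period, key usage. Issuer and signature are
// added when the CA signs.
func template(cn string, serial int64, from time.Time, days int, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             from,
		NotAfter:              from.Add(time.Duration(days) * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// newCA makes a self-signed root: issuer and subject are the same name and
// the certificate is signed with the CA's own private key.
func newCA(name string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := template(name, 1, now, 3650, true)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issue is steps 1-2 of Figure 7-17 as normally done: the applicant creates
// its own key pair and the CA certifies only the public key. The private key
// goes back to the applicant alone, never to the CA or to a verifier.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subject string, serial int64, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, template(subject, serial, now, 365, false), ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verify is what Brown or Cheng does with a certificate for Lee: check the
// CA's signature against a root obtained independently, check the validity
// period at time `at`, and check that the subject is the expected party.
func verify(cert, root *x509.Certificate, subject string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	if cert.Subject.CommonName != subject {
		return errors.New("certificate names a different subject")
	}
	return nil
}

// Demo reports three outcomes: Lee's real certificate verifies; a certificate
// for "Lee" from an impostor CA (Figure 7-14 moved up one level) does not;
// and Lee's certificate is refused once its validity period has ended.
func Demo() (valid, impostorRejected, expiredRejected bool, err error) {
	now := time.Date(2004, 1, 1, 0, 0, 0, 0, time.UTC) // fixed clock for reproducibility
	ca, caKey, err := newCA("Corporate CA", now)
	if err != nil {
		return false, false, false, err
	}
	lee, _, err := issue(ca, caKey, "Lee", 2, now)
	if err != nil {
		return false, false, false, err
	}
	badCA, badKey, err := newCA("Impostor CA", now)
	if err != nil {
		return false, false, false, err
	}
	fakeLee, _, err := issue(badCA, badKey, "Lee", 3, now)
	if err != nil {
		return false, false, false, err
	}
	day := 24 * time.Hour
	valid = verify(lee, ca, "Lee", now.Add(day)) == nil
	impostorRejected = verify(fakeLee, ca, "Lee", now.Add(day)) != nil
	expiredRejected = verify(lee, ca, "Lee", now.Add(400*day)) != nil
	return valid, impostorRejected, expiredRejected, nil
}

func main() {
	fmt.Println(Demo())
}
```

The impostor case is the slide’s point about trusting the CA: the forged certificate is a perfectly well-formed X.509 object naming “Lee”, and the only thing that rejects it is that the verifier’s root pool does not contain the impostor’s CA key. Revocation (steps 6-7 of Figure 7-17) is the one check this example leaves out.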
Figure 7-18: Public Key Distribution for Symmetric Session Keys
1. Party A creates a symmetric session key.
2. Party A encrypts the session key with Party B’s public key.
3. Party A sends the symmetric session key, encrypted for confidentiality, to Party B.
4. Party B decrypts the session key with Party B’s private key.
5. Subsequent encryption uses the symmetric session key, which is far faster than public key encryption for bulk data.
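Figures 7-13 and 7-18 combined in one Go program, added as an example (not the textbook’s code): the sender signs the digest with its private key, wraps a fresh symmetric session key for the receiver’s public key, and sends plaintext plus signature under that session key. It uses the standard library’s RSA with PKCS#1 v1.5 signing and OAEP key wrapping rather than the raw “encrypt the digest” of the figure, and AES-GCM for the symmetric step; the message is constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// GenerateParty makes one party's key pair (2,048 bits, the longer of the
// two RSA sizes Figure 7-10 lists as strong).
func GenerateParty(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Sign is steps 1-2 of Figure 7-13: hash the plaintext to a message digest,
// then apply the sender's private key to the padded digest.
func Sign(priv *rsa.PrivateKey, plaintext []byte) ([]byte, error) {
	digest := sha256.Sum256(plaintext)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify is steps 5-7: rehash the received plaintext and test the signature
// with the public key the verifier believes belongs to the true party.
func Verify(pub *rsa.PublicKey, plaintext, sig []byte) bool {
	digest := sha256.Sum256(plaintext)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// WrapSessionKey is steps 1-3 of Figure 7-18: Party A creates a random
// AES-256 session key and encrypts it with Party B's public key (RSA-OAEP).
func WrapSessionKey(pubB *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pubB, sessionKey, nil)
	return sessionKey, wrapped, err
}

// UnwrapSessionKey is step 4: only Party B's private key recovers the key.
func UnwrapSessionKey(privB *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, privB, wrapped, nil)
}

func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal and Open are step 5 of Figure 7-18 (and step 4 of Figure 7-13): the
// bulk traffic is protected with the symmetric session key; nonce prepended.
func Seal(sessionKey, body []byte) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, body, nil), nil
}

func Open(sessionKey, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// Exchange runs the whole flow from sender A to receiver B and reports
// whether B accepts the message as authentic. trustedPubA is the key B
// believes is A's: hand an impostor's key pair in as privA (Figure 7-14)
// and the result is false.
func Exchange(privA, privB *rsa.PrivateKey, trustedPubA *rsa.PublicKey, msg []byte) (bool, error) {
	sig, err := Sign(privA, msg)
	if err != nil {
		return false, err
	}
	key, wrapped, err := WrapSessionKey(&privB.PublicKey)
	if err != nil {
		return false, err
	}
	sealed, err := Seal(key, append(append([]byte{}, sig...), msg...))
	if err != nil {
		return false, err
	}
	// On the wire: wrapped, sealed. Receiver side from here on.
	keyB, err := UnwrapSessionKey(privB, wrapped)
	if err != nil {
		return false, err
	}
	body, err := Open(keyB, sealed)
	if err != nil {
		return false, err
	}
	n := trustedPubA.Size() // an RSA signature is as long as the modulus
	if len(body) < n {
		return false, errors.New("message shorter than a signature")
	}
	return Verify(trustedPubA, body[n:], body[:n]), nil
}

func main() {
	a, _ := GenerateParty(2048)
	b, _ := GenerateParty(2048)
	ok, err := Exchange(a, b, &a.PublicKey, []byte("Hello"))
	fmt.Println("authentic:", ok, err)
}
```

The split of roles is the one the figures describe: the public key operations run once per message on a 32-byte digest and a 32-byte session key, and everything else is symmetric. Where trustedPubA comes from is exactly the question Figures 7-14 to 7-17 answer.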
Figure 7-19: Diffie-Hellman Key Agreement
1. Party X and Party Y agree on a Diffie-Hellman group: p (a large prime) and g (a generator).
2. Party X generates a random number x; Party Y generates a random number y. Each keeps its number secret.
3. Party X computes x' = g^x mod p; Party Y computes y' = g^y mod p.
4. X and Y exchange x' and y' without security; an eavesdropper may see both.
5. Party X computes Key = y'^x mod p = g^(xy) mod p; Party Y computes Key = x'^y mod p = g^(xy) mod p. Both now hold the same key, which the eavesdropper cannot compute from x', y', p, and g.
6. Subsequent encryption uses the symmetric session key.
Diffie-Hellman provides no authentication: an active attacker who replaces x' and y' in step 4 with her own values ends up sharing a separate key with each party (the deception of Figure 7-14). In practice the exchanged values are signed or otherwise authenticated, and p, g and the received values are validated before use.
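Figure 7-19 carried out in Go with math/big, as an added example (not the textbook’s code), followed by the active attack the figure itself cannot prevent. The group is assumed to be the 2,048-bit MODP group 14 from RFC 3526 with generator 2 (the constant below should be checked against the RFC before use); the shared secret is hashed with SHA-256 into a session key, and the parameter and peer-value checks are the ones a practitioner adds before using anything received in step 4.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Step 1: the Diffie-Hellman group. Assumed to be RFC 3526 group 14 (a
// 2,048-bit safe prime, generator 2); verify the digits against the RFC.
var (
	groupP, _ = new(big.Int).SetString(strings.Join([]string{
		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74",
		"020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437",
		"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED",
		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05",
		"98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB",
		"9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B",
		"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718",
		"3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
	}, ""), 16)
	groupG = big.NewInt(2)
)

// ValidateGroup checks that p is a safe prime and g is in range, so that g
// generates a large subgroup. Parameters offered by a peer are never used unchecked.
func ValidateGroup(p, g *big.Int) error {
	if !p.ProbablyPrime(20) {
		return errors.New("p is not prime")
	}
	q := new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(1)), 1)
	if !q.ProbablyPrime(20) {
		return errors.New("(p-1)/2 is not prime, so p is not a safe prime")
	}
	if g.Cmp(big.NewInt(1)) <= 0 || g.Cmp(new(big.Int).Sub(p, big.NewInt(1))) >= 0 {
		return errors.New("generator out of range")
	}
	return nil
}

// Party holds one side's secret exponent x and public value x' = g^x mod p.
type Party struct {
	secret, public *big.Int
}

// NewParty is steps 2-3: draw a random x in [2, p-2] and compute g^x mod p.
func NewParty(p, g *big.Int) (*Party, error) {
	x, err := rand.Int(rand.Reader, new(big.Int).Sub(p, big.NewInt(3)))
	if err != nil {
		return nil, err
	}
	x.Add(x, big.NewInt(2))
	return &Party{secret: x, public: new(big.Int).Exp(g, x, p)}, nil
}

// SharedKey is step 5: (peer's public value)^x mod p, hashed to a 256-bit key.
// Values outside (1, p-1) are rejected: 1 and p-1 form the subgroup of order 2
// and would force the shared secret to a value the attacker already knows.
func (pt *Party) SharedKey(p, peerPublic *big.Int) ([]byte, error) {
	if peerPublic.Cmp(big.NewInt(1)) <= 0 || peerPublic.Cmp(new(big.Int).Sub(p, big.NewInt(1))) >= 0 {
		return nil, errors.New("peer public value out of range")
	}
	k := sha256.Sum256(new(big.Int).Exp(peerPublic, pt.secret, p).Bytes())
	return k[:], nil
}

func makeParties(p, g *big.Int, n int) ([]*Party, error) {
	parties := make([]*Party, n)
	for i := range parties {
		pt, err := NewParty(p, g)
		if err != nil {
			return nil, err
		}
		parties[i] = pt
	}
	return parties, nil
}

// HonestExchange is Figure 7-19 end to end: X and Y derive the same key from
// values that crossed the network in the clear.
func HonestExchange(p, g *big.Int) (keyX, keyY []byte, err error) {
	if err = ValidateGroup(p, g); err != nil {
		return nil, nil, err
	}
	ps, err := makeParties(p, g, 2)
	if err != nil {
		return nil, nil, err
	}
	if keyX, err = ps[0].SharedKey(p, ps[1].public); err != nil {
		return nil, nil, err
	}
	keyY, err = ps[1].SharedKey(p, ps[0].public)
	return keyX, keyY, err
}

// ManInTheMiddle is Figure 7-14 applied to step 4: Mallory intercepts x' and
// y' and forwards her own public value to each side. X and Y each share a key
// with Mallory, not with each other, and nothing in the exchange reveals it.
// Returned order: X's key, Y's key, Mallory's key with X, Mallory's key with Y.
func ManInTheMiddle(p, g *big.Int) (keys [4][]byte, err error) {
	ps, err := makeParties(p, g, 3)
	if err != nil {
		return keys, err
	}
	x, y, m := ps[0], ps[1], ps[2]
	for i, pair := range [][2]*Party{{x, m}, {y, m}, {m, x}, {m, y}} {
		if keys[i], err = pair[0].SharedKey(p, pair[1].public); err != nil {
			return keys, err
		}
	}
	return keys, nil
}

func main() {
	kx, ky, err := HonestExchange(groupP, groupG)
	fmt.Printf("honest parties agree: %v (err=%v)\n", string(kx) == string(ky), err)
	keys, _ := ManInTheMiddle(groupP, groupG)
	fmt.Println("X and Y agree under MITM:", string(keys[0]) == string(keys[1]))
}
```

Mallory then decrypts with one key and re-encrypts with the other, and the traffic flows as if nothing happened. Protocols that use Diffie-Hellman (IPsec IKE, TLS) therefore sign or MAC the exchanged values with keys that are authenticated some other way, typically through the certificates of Figure 7-15.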
Figure 7-20: Replay Attacks
Replay attacks: retransmit an intercepted message. The message is encrypted, so the replay attacker cannot read it.
Why replay attacks: repetition might work. For instance, replaying an encrypted username and password might result in access to a poorly designed system.
Preventing replay attacks:
- Insert a time stamp in messages and accept messages only if they are very recent.
- Insert a sequence number in each message and reject numbers already seen.
- Insert a nonce (a random number selected for the occasion) in a request message; only accept a reply message with the same nonce. The other party does not accept a request message with a previously used nonce.
These fields only help if they are covered by the message’s integrity protection; otherwise an attacker simply updates them on the replayed copy.
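The three defenses of Figure 7-20 applied to a stream of sample messages in Go, added as an example (not the textbook’s code). The messages and clock are constructed; the receiver state and the one-second window are assumptions, and the checks are kept separate so that the gap left by a time stamp alone, a replay inside the window, is visible next to the sequence-number and nonce checks that close it.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Message carries the three anti-replay fields of Figure 7-20. In a real
// protocol they are covered by the message's MAC or signature; otherwise the
// attacker edits them on the replayed copy.
type Message struct {
	Timestamp time.Time
	Seq       uint64
	Nonce     string
	Body      string
}

// Receiver keeps the little state each defense needs.
type Receiver struct {
	window  time.Duration        // how old (or how far ahead) a time stamp may be
	lastSeq uint64               // highest sequence number accepted so far
	seen    map[string]time.Time // nonces accepted, with arrival time
}

func NewReceiver(window time.Duration) *Receiver {
	return &Receiver{window: window, seen: map[string]time.Time{}}
}

// FreshTimestamp accepts a message only if its time stamp is very recent.
// A replay outside the window is caught; a replay inside it is not.
func (r *Receiver) FreshTimestamp(m Message, now time.Time) error {
	if d := now.Sub(m.Timestamp); d > r.window || d < -r.window {
		return errors.New("time stamp outside the freshness window")
	}
	return nil
}

// SequenceOK requires a strictly increasing sequence number, so a replay (or
// an out-of-order duplicate) of any earlier message is refused.
func (r *Receiver) SequenceOK(m Message) error {
	if m.Seq <= r.lastSeq {
		return errors.New("sequence number already used")
	}
	return nil
}

// UnusedNonce accepts each nonce once. Nonces older than the window are
// forgotten, which is safe only because FreshTimestamp rejects anything that old.
func (r *Receiver) UnusedNonce(m Message, now time.Time) error {
	if _, dup := r.seen[m.Nonce]; dup {
		return errors.New("nonce already used")
	}
	for n, t := range r.seen {
		if now.Sub(t) > r.window {
			delete(r.seen, n)
		}
	}
	r.seen[m.Nonce] = now
	return nil
}

// Accept applies all three checks and only then advances the receiver state.
func (r *Receiver) Accept(m Message, now time.Time) error {
	if err := r.FreshTimestamp(m, now); err != nil {
		return err
	}
	if err := r.SequenceOK(m); err != nil {
		return err
	}
	if err := r.UnusedNonce(m, now); err != nil {
		return err
	}
	r.lastSeq = m.Seq
	return nil
}

// Demo sends a legitimate login message, then replays it 200 ms later (inside
// the window) and 5 s later (outside it). It reports whether the time stamp
// check alone let the fast replay through and whether the full check refused both.
func Demo() (timestampAloneFooled, replaysRefused bool) {
	t0 := time.Date(2004, 1, 1, 12, 0, 0, 0, time.UTC)
	login := Message{Timestamp: t0, Seq: 1, Nonce: "9f1c3a", Body: "login lee"} // constructed
	onlyTime := NewReceiver(time.Second)
	timestampAloneFooled = onlyTime.FreshTimestamp(login, t0) == nil &&
		onlyTime.FreshTimestamp(login, t0.Add(200*time.Millisecond)) == nil

	full := NewReceiver(time.Second)
	first := full.Accept(login, t0) == nil
	fast := full.Accept(login, t0.Add(200*time.Millisecond))
	slow := full.Accept(login, t0.Add(5*time.Second))
	replaysRefused = first && fast != nil && slow != nil
	return timestampAloneFooled, replaysRefused
}

func main() {
	fmt.Println(Demo())
}
```

Time stamps need synchronized clocks and still leave the window open; sequence numbers need per-peer state and break if messages may legitimately arrive out of order; nonces need a cache bounded by the time stamp window. Real protocols usually combine two of the three, as the full receiver does here.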
Figure 7-21: Quantum Computing and Steganography

Quantum computing: quantum bits (q-bits)
- In ordinary computers, each bit is either a zero or a one at any time.
- In quantum computers, each quantum bit (q-bit) can be both a zero and a one at any moment.
- When decohered, the q-bit becomes a classic one or zero randomly.

Quantum computing: quantum key distribution (QKD)
- Two particles representing q-bits can be entangled so that both will be up or down when read.
- The two entangled particles are sent to the two communicating parties.
- Both will always read the bit the same way, as a one or a zero.
- They will both read the stream of decohered q-bits as a key.
- Interception of q-bits en route by an eavesdropper is easy to detect.
- QKD is becoming commercially viable.

Quantum computing: quantum key cracking
- For determining private keys from public keys.
- An array of N q-bits can represent all possible keys of length N.
- Operations can be performed on all possible keys simultaneously.
- Results are put in a results register.
- Decoherence gives one result randomly from all possible results.
- This single result can be used to compute the private key.
- Not instantaneous, but much faster than exhaustive key search.
- Not practical today: we can only build quantum computers with a few q-bits, and quantum computers with 1,000 or more q-bits are some time off.
Steganography
- Steganography means hidden writing.
- Hiding a message in an image: every image is made of pixels, and there is often one byte per pixel for each color: red, green, and blue.
- One bit in each byte is the least significant; changing it will alter the color by only 1/256.
- The process steals the least significant bit from each byte, and the message is written into these bits.
- The message may be encrypted before writing it into the bits, so that even someone who suspects the image and extracts the bits finds only random-looking data.
- The picture will look unchanged.

Digital watermarking
- Using steganography to hide identifying information in a document.
- To prove copyright ownership.
- To identify different copies of a document.
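Least-significant-bit hiding as the slides describe it, in Go, added as an example (not the textbook’s code). The cover “image” is a constructed buffer of one byte per colour channel rather than a decoded file; a 4-byte length header (an assumption, not from the slides) lets the extractor know where the message ends, and the last function measures how little each channel value moves.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// EmbedLSB writes msg into the least significant bit of successive channel
// bytes of the cover. Each payload byte takes eight cover bytes, and a 4-byte
// length header goes first so the extractor knows where to stop.
func EmbedLSB(cover, msg []byte) ([]byte, error) {
	payload := make([]byte, 4+len(msg))
	binary.BigEndian.PutUint32(payload, uint32(len(msg)))
	copy(payload[4:], msg)
	if len(payload)*8 > len(cover) {
		return nil, errors.New("cover too small for the message")
	}
	stego := append([]byte{}, cover...)
	for i, b := range payload {
		for bit := 0; bit < 8; bit++ {
			v := (b >> uint(7-bit)) & 1
			stego[i*8+bit] = stego[i*8+bit]&0xFE | v
		}
	}
	return stego, nil
}

// readBits reassembles n payload bytes from the low bits of the cover bytes
// starting at payload offset off.
func readBits(stego []byte, off, n int) ([]byte, error) {
	if (off+n)*8 > len(stego) {
		return nil, errors.New("not enough data to read")
	}
	out := make([]byte, n)
	for i := range out {
		for bit := 0; bit < 8; bit++ {
			out[i] = out[i]<<1 | stego[(off+i)*8+bit]&1
		}
	}
	return out, nil
}

// ExtractLSB reverses EmbedLSB. Anyone who suspects the image can do this,
// which is why the slide suggests encrypting the message first.
func ExtractLSB(stego []byte) ([]byte, error) {
	header, err := readBits(stego, 0, 4)
	if err != nil {
		return nil, err
	}
	n := int(binary.BigEndian.Uint32(header))
	return readBits(stego, 4, n)
}

// MaxChannelChange returns the largest difference between cover and stego
// bytes; LSB embedding can never move a channel value by more than 1.
func MaxChannelChange(cover, stego []byte) int {
	max := 0
	for i := range cover {
		d := int(cover[i]) - int(stego[i])
		if d < 0 {
			d = -d
		}
		if d > max {
			max = d
		}
	}
	return max
}

func main() {
	// Constructed 8x8 RGB cover: 192 channel bytes with a simple gradient.
	cover := make([]byte, 8*8*3)
	for i := range cover {
		cover[i] = byte(i)
	}
	stego, err := EmbedLSB(cover, []byte("meet at noon"))
	if err != nil {
		panic(err)
	}
	hidden, _ := ExtractLSB(stego)
	fmt.Printf("%q, max channel change %d\n", hidden, MaxChannelChange(cover, stego))
}
```

The capacity is one payload bit per channel byte, so an uncompressed 1024x768 RGB image hides about 295 KB. Lossy recompression (JPEG) destroys the low bits, and the flat statistics of the altered bits are what steganalysis tools look for, which is another reason the embedded data should be encrypted first.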
Figure 7-22: Cryptographic Goals and Methods (recap: not in book)

| | Confidentiality | Authentication |
|---|---|---|
| Symmetric key encryption | Applicable. Sender encrypts with a key shared with the receiver. | Not applicable. |
| Public key encryption | Applicable. Sender encrypts with the receiver’s public key. | Applicable. Sender encrypts with its own private key. |
| Hashing | Not applicable. | Applicable. Used in MS-CHAP and in HMACs, discussed in the next chapter. |
Topics Covered

Cryptographic systems
- Provide protections to a dialog automatically.
- Secure communication involves confidentiality, authentication, message integrity, and anti-replay protection.

Encryption concepts
- Plaintext
- Encryption with an encryption method and key
- Ciphertext, which is transmitted
- Decryption with a decryption method and decryption key
- Plaintext again

Keys
- A key is a random bit string of a particular length.
- Cryptanalysts try to crack keys.
- Exhaustive search is thwarted by having long keys.
- Symmetric key encryption uses a single key for both encryption and decryption in both directions.
- Public key encryption uses four different keys for encryption and decryption in both directions (each party’s public and private key).
56
Topics Covered
Symmetric Key Encryption Methods DES (56-bit block encryption method)
Weak: 100 bits needed for strong symmetric key encryption
DES-Cipher Block Chaining Encryption input has three parts
Plaintext block Key Previous ciphertext block or initialization vector
3DES Apply DES three times with 1, 2, or 3 keys With 3 keys, 168-bit encryption
![Page 57: 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall](https://reader035.vdocuments.us/reader035/viewer/2022062221/56649f265503460f94c3cef2/html5/thumbnails/57.jpg)
57
Topics Covered
Symmetric Key Encryption Methods DES and its variants has dominated in the past
Advanced Encryption Standard (AES) New, becoming dominant rapidly Key Length
128 bits 192 bits 256 bits
Low processing and memory requirements Can even be done on hand-held devices
![Page 58: 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall](https://reader035.vdocuments.us/reader035/viewer/2022062221/56649f265503460f94c3cef2/html5/thumbnails/58.jpg)
58
Topics Covered
Public Key Encryption Each party has a secret private key and a public
key
Sender uses the receiver’s public key to encrypt for confidentiality
Receiver uses the receiver’s private key to decrypt messages
Never say “the public key” or “the private key”—always refer to a specific party’s public or private key
![Page 59: 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall](https://reader035.vdocuments.us/reader035/viewer/2022062221/56649f265503460f94c3cef2/html5/thumbnails/59.jpg)
59
Topics Covered
Public Key Encryption Methods RSA
Dominates public key encryption today 1,024 or 2,048 bits to be strong today
Elliptic curve cryptosystem (ECC) 512 bits to be strong today (more efficient than
RSA)
In contrast, symmetric key methodologies only need key lengths of 100 bits to be strong today
![Page 60: 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall](https://reader035.vdocuments.us/reader035/viewer/2022062221/56649f265503460f94c3cef2/html5/thumbnails/60.jpg)
60
Topics Covered
MS-CHAP Used in initial authentication
Shared secret is the user’s password
Applicant’s computer adds password to a challenge message and hashes the combined bit string
Applicant’s computer sends the hash as the response message
Problem is that process is only as secure as the strength of the user’s password
![Page 61: 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall](https://reader035.vdocuments.us/reader035/viewer/2022062221/56649f265503460f94c3cef2/html5/thumbnails/61.jpg)
61
Topics Covered
Hashing Often used in authentication
Hashing is NOT encryption
Hashing produces a result (hash) that is always the same small length regardless of the input
Hashing is repeatable: given the same bit string, will always give the same hash No key
Hashing is irreversible
62
Topics Covered
Digital Signatures
Used in message-by-message authentication
Applicant hashes plaintext message to produce a short message digest
Applicant signs message digest (encrypts it with the Applicant’s private key) to produce the digital signature
Verifier uses the true party’s public key to test the digital signature
63
Topics Covered
Digital Certificates
Verifier uses the true party’s public key to test the digital signature—not the sender’s public key
Where does the verifier get the true party’s public key?
Digital certificates give the true party’s name and public key
Note that both a digital signature and a digital certificate (to test the digital signature) are needed in authentication. Neither alone is enough.
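The digital signature and digital certificate steps from this slide and the previous one, worked through in Python as an added example (not the textbook’s code). It assumes textbook RSA with toy primes (61 and 53 for the true party, 89 and 97 for the CA), a certificate encoded simply as name|n|e, and a verifier that accepts a message only when the signature checks out under the public key found in a CA-signed certificate for the claimed sender.

```python
import hashlib
from math import gcd

# Added example, not from the textbook: "textbook" RSA with tiny primes to show
# signing with a private key, verifying with the public key, and why the verifier
# takes that key from a CA-signed certificate rather than from the sender.
# Toy sizes only: real RSA uses >= 2048-bit moduli and padded full-length digests.

def toy_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))    # (public key, private key)

def digest(msg: bytes, n: int) -> int:
    # Message digest; reduced mod n only because n is tiny in this toy
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(digest(msg, n), d, n)        # "encrypt" the digest with the private key

def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(msg, n) # "decrypt" with the public key, compare digests

def cert_bytes(subject: str, pub) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(ca_priv, subject: str, pub) -> dict:
    # Digital certificate: the true party's name and public key, signed by the CA
    return {"subject": subject, "pub": pub, "ca_sig": sign(ca_priv, cert_bytes(subject, pub))}

def verify_message(ca_pub, claimed_sender: str, cert: dict, msg: bytes, sig: int) -> bool:
    # 1. Certificate must name the claimed true party and carry a valid CA signature
    if cert["subject"] != claimed_sender:
        return False
    if not verify(ca_pub, cert_bytes(cert["subject"], cert["pub"]), cert["ca_sig"]):
        return False
    # 2. Only then is cert["pub"] the true party's key; test the message signature with it
    return verify(cert["pub"], msg, sig)
```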
64
Topics Covered
Public Key Infrastructure
Digital certificates
Do not vouch for the goodness of the true party—only the true party’s public key
Follow the X.509 standard
PKI Server
Distributes private keys securely
Distributes public keys in digital certificates
Provides a certificate revocation list (CRL) to ensure that a digital certificate is still valid
65
Topics Covered
Certificate Authorities (CAs)
Manage the PKI
If the CA is set up by an attacker, its digital certificates cannot be trusted
Not regulated
66
Topics Covered
Recap: Not in Book

                          Confidentiality                            Authentication
Symmetric Key Encryption  Applicable. Sender encrypts with key       Not applicable.
                          shared with the receiver.
Public Key Encryption     Applicable. Sender encrypts with           Applicable. Sender encrypts with
                          receiver’s public key.                     own private key.
Hashing                   Not applicable.                            Applicable. Used in MS-CHAP and
                                                                     HMACs discussed in the next chapter.
67
Topics Covered
Key Distribution
Symmetric keys must be distributed securely between the two parties
Session keys are only used during a single communication session to prevent cryptanalysts from getting enough traffic to crack the key
68
Topics Covered
Public Key Distribution
One party randomly generates a symmetric session key
Encrypts the key with the other party’s public key
Both parties now have the symmetric session key and use it
Diffie-Hellman Key Agreement
Mathematical way to exchange information that allows the two parties to compute the same symmetric session key
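The Diffie-Hellman key agreement described above, carried through in Python as an added example (not the textbook’s code). It goes a little beyond the slide: it generates a safe-prime group (p = 2q + 1) and a generator, rejects degenerate public values, and hashes the shared secret into a fixed-length symmetric session key; the 64-bit toy group size and all function names are assumptions of this example.

```python
import hashlib
import secrets
# Added example, not from the textbook: Diffie-Hellman over a safe-prime group.
# 64-bit parameters are generated here for speed; real use needs >= 2048-bit
# standardised groups (RFC 7919) or an elliptic curve, never home-grown primes.

def is_probable_prime(n, rounds=32):  # Miller-Rabin test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    # Safe prime p = 2q + 1 with q prime, and g of order 2q (no small subgroup)
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = 2
    while pow(g, 2, p) == 1 or pow(g, q, p) == 1:
        g += 1
    return p, g

def shared_secret(p, priv, other_pub):
    # Reject degenerate public values (0, 1, p-1) that an active attacker could send
    if not 1 < other_pub < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(other_pub, priv, p)

def session_key(secret):
    # Hash the shared secret down to a fixed-length symmetric key (a simple KDF)
    return hashlib.sha256(str(secret).encode()).digest()

def key_agreement(p, g):
    a, b = secrets.randbelow(p - 3) + 2, secrets.randbelow(p - 3) + 2  # private values
    A, B = pow(g, a, p), pow(g, b, p)                                 # exchanged in clear
    return session_key(shared_secret(p, a, B)), session_key(shared_secret(p, b, A))
```

Note that nothing here authenticates the exchanged public values; that is exactly the gap the digital signature and certificate slides fill.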
69
Topics Covered
Replay Attacks
Attacker resends message
May be effective even if the attacker cannot decrypt the message
To thwart replay attacks, use:
Time stamps
Sequence numbers
Different nonces for each command/response cycle
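An added Python example, not from the textbook, that ties the MS-CHAP slide above to this one: a verifier that issues a one-time challenge nonce and rejects a replayed response, a stale time stamp or a reused sequence number. The response construction (SHA-256 over challenge, sequence number, time stamp and password), the Verifier class and the sample credentials are assumptions of this example, not MS-CHAP’s actual algorithm.

```python
import hashlib
import hmac
import secrets
import time

# Added example, not from the textbook. Response = hash(challenge + password),
# as the MS-CHAP slide describes, plus the three anti-replay controls from the
# replay slide: a one-time nonce, a time stamp and a per-user sequence number.
# Construction is illustrative; real protocols use an HMAC or a PAKE here.

def response(challenge: bytes, password: str, seq: int, ts: int) -> bytes:
    # The password itself never goes over the wire, only this hash. Its strength
    # still bounds the scheme, which is why the slide says it is only as secure
    # as the user's password.
    data = challenge + seq.to_bytes(4, "big") + ts.to_bytes(8, "big") + password.encode()
    return hashlib.sha256(data).digest()

class Verifier:
    def __init__(self, passwords, max_skew=30):
        self.passwords = passwords   # username -> password (toy store; hash in practice)
        self.pending = {}            # outstanding nonce -> username, deleted when used
        self.last_seq = {}           # username -> highest sequence number accepted
        self.max_skew = max_skew     # seconds of clock drift tolerated

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh, unpredictable, one per cycle
        self.pending[nonce] = user
        return nonce

    def verify(self, user, nonce, seq, ts, resp, now=None) -> bool:
        now = int(time.time()) if now is None else now
        if user not in self.passwords:
            return False
        if self.pending.pop(nonce, None) != user:
            return False             # unknown or already-consumed nonce: a replay
        if abs(now - ts) > self.max_skew:
            return False             # stale time stamp
        if seq <= self.last_seq.get(user, 0):
            return False             # sequence number reused or rolled back
        expected = response(nonce, self.passwords[user], seq, ts)
        if not hmac.compare_digest(expected, resp):
            return False             # wrong password (constant-time comparison)
        self.last_seq[user] = seq
        return True
```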